Group items tagged

Perhaps the strongest evidence that the attack was a law enforcement or intelligence operation was the limited functionality of the malware. The heart of the malicious Javascript was a tiny Windows executable hidden in a variable named “Magneto.” A traditional virus would use that executable to download and install a full-featured backdoor, so the hacker could come in later and steal passwords, enlist the computer in a DDoS botnet, and generally do all the other nasty things that happen to a hacked Windows box. But the Magneto code didn’t download anything. It looked up the victim’s MAC address — a unique hardware identifier for the computer’s network or Wi-Fi card — and the victim’s Windows hostname. Then it sent it to a server in Northern Virginia server, bypassing Tor, to expose the user’s real IP address, coding the transmission as a standard HTTP web request.

The official IP allocation records maintained by the American Registry for Internet Numbers show the two Magneto-related IP addresses were part of a ghost block of eight addresses that have no organization listed. Those addresses trace no further than the Verizon Business data center in Ashburn, Virginia, 20 miles northwest of the Capital Beltway. The code’s behavior, and the command-and-control server’s Virginia placement, is also consistent with what’s known about the FBI’s “computer and internet protocol address verifier,” or CIPAV, the law enforcement spyware first reported by WIRED in 2007. Court documents and FBI files released under the FOIA have described the CIPAV as software the FBI can deliver through a browser exploit to gather information from the target’s machine and send it to an FBI server in Virginia. The FBI has been using the CIPAV since 2002 against hackers, online sexual predators, extortionists, and others, primarily to identify suspects who are disguising their location using proxy servers or anonymity services, like Tor. Prior to the Freedom Hosting attack, the code had been used sparingly, which kept it from leaking out and being analyzed.

That presentation states that the call data is acquired from major Pakistani telecom providers, though it does not specify the technical means by which the data is obtained. The June 2012 document poses the question: “Given a handful of courier selectors, can we find others that ‘behave similarly’” by analyzing cell phone metadata? “We are looking for different people using phones in similar ways,” the presentation continues, and measuring “pattern of life, social network, and travel behavior.” For the experiment, the analysts fed 55 million cell phone records from Pakistan into the system, the document states. The results identified someone who is “PROB” — which appears to mean probably — Zaidan as the “highest scoring selector” traveling between Peshawar and Lahore.

According to another 2012 presentation describing SKYNET, the program looks for terrorist connections based on questions such as “who has traveled from Peshawar to Faisalabad or Lahore (and back) in the past month? Who does the traveler call when he arrives?” and behaviors such as “excessive SIM or handset swapping,” “incoming calls only,” “visits to airports,” and “overnight trips.”

The following slide appears to show other top hits, noting that 21 of the top 500 were previously tasked for surveillance, indicating that the program is “on the right track” to finding people of interest. A portion of that list visible on the slide includes individuals supposedly affiliated with Al Qaeda and the Taliban, as well as members of Pakistan’s spy agency, Inter-Services Intelligence. But sometimes the descriptions are vague. One selector is identified simply as “Sikh Extremist.” As other documents from Snowden revealed, drone targets are often identified in part based on metadata analysis and cell phone tracking. Former NSA director Michael Hayden famously put it more bluntly in May 2014, when he said, “we kill people based on metadata.” Metadata also played a key role in locating and killing Osama bin Laden. The CIA used cell phone calling patterns to track an Al Qaeda courier and identify bin Laden’s hiding place in Pakistan.

A History of Targeting Al Jazeera  The U.S. government’s surveillance of Zaidan is not the first time that it has linked Al Jazeera or its personnel to Al Qaeda. During the invasion of Afghanistan, in November 2001, the United States bombed the network’s Kabul offices. The Pentagon claimed that it was “a known al-Qaeda facility.” That was just the beginning. Sami al-Hajj, an Al Jazeera cameraman, was imprisoned by the U.S. government at Guantanamo for six years before being released in 2008 without ever being charged. He has said he was repeatedly interrogated about Al Jazeera. In 2003, Al Jazeera’s financial reporters were barred from the trading floor of the New York Stock Exchange for “security reasons.” Nasdaq soon followed suit.

During the invasion of Iraq, U.S. forces bombed Al Jazeera’s Baghdad offices, killing correspondent Tariq Ayoub. The U.S. insisted it was unintentional, though Al Jazeera had given the Pentagon the coordinates of the building. When American forces laid siege to Fallujah, and Al Jazeera was one of the few news organizations broadcasting from within the city, Bush administration officials accused it of airing propaganda and lies. Al Jazeera’s Fallujah correspondent, Ahmed Mansour, reported that his crew had been targeted with tanks, and the house they had stayed in had been bombed by fighter jets. So great was the suspicion of Al Jazeera’s ties to terrorism that Dennis Montgomery, a contractor who had previously tried peddling cheat-detector software to Las Vegas casinos, managed to convince the CIA that he could decode secret Al Qaeda messages from Al Jazeera broadcasts. Those “codes” reportedly caused Bush to ground a number of commercial transatlantic flights in December 2003. But the U.S. government appeared to have somewhat softened its view of the network in the last several years. The Obama administration has criticized Egypt for holding three of Al Jazeera’s journalists on charges of aiding the Muslim Brotherhood. During the height of the 2011 Arab Spring, then-Secretary of State Hillary Clinton praised the network’s coverage, saying, “Viewership of Al Jazeera is going up in the United States because it’s real news.”

Zaidan is still Al Jazeera’s Islamabad bureau chief, and has also reported from Syria and Yemen in recent years. Al Jazeera vigorously defended his reporting. “Our commitment to our audiences is to gain access to authentic, raw, unfiltered information from key sources and present it in an honest and responsible way.” They added that, “our journalists continue to be targeted and stigmatized by governments,” even though “Al Jazeera is not the first channel that has met with controversial figures such as bin Laden and others — prominent western media outlets were among the first to do so.”

It might be worth noting at this point that Watt’s political history casts doubt on his real objectives.   According to Open Secrets, among the Top 20 contributors to Watt’s 2009-2010 campaign were Goldman Sachs, Bank of America, Citigroup Inc., Bank of New York Mellon, American bankers Association, US Bancorp, and The National Association of Realtors. (“Top 20 Contributors, 2009-2010“, Open Secrets)

SALT LAKE CITY – A Utah lawmaker concerned about government spying on its citizens is questioning whether city water service should be cut off to a massive National Security Agency data storage facility outside Salt Lake City.Rep

Meanwhile John Kerry is doing fancy footwork, explaining the legislation away, in a letter to Javad Zarif. we remain fully committed to the sanctions lifting provided for under the JCPOA. We will adhere to the full measure of our commitments, per the agreement. At the State Department briefing Monday, reporters questioned why the legislation didn’t amount to a violation of the Iran Deal:

Here is some more blindness in the media on these issues. NPR has continually deceived listeners about Sheldon Adelson’s agenda, and it did so again yesterday. Adelson is a leading opponent of the Iran Deal, as a supporter of Israel. He has called on President Obama to nuke Iran. But in a report on Adelson’s purchase of a Nevada newspaper, NPR once again leaves out the Israel angle of Adelson’s interests. It says blandly: Adelson is also prominently involved in national politics. That link is to a story about his on-line gambling concerns. But as Cory Bennett of the Hill said on CSPAN the other day– something I did not know till now– Iran is said to have undertaken a cyber-attack on Sheldon Adelson’s casino last year because of his call to nuke Iran.  The alleged cyber-attack:  Investigators determined that hacker activists were the ones who broke into servers belonging to the Las Vegas Sands Corporation in February 2014, costing the company more than $40 million in damages and data recovery costs, Bloomberg Businessweek reported Thusday citing a report by cybersecurity firm Dell SecureWorks. The hackers were acting in retaliation to the company’s CEO, casino magnate Sheldon Adelson’s statement that Obama should detonate a nuclear bomb in Tehran, which stirred controversy around the world. This is the battle behind the headlines. And in a transparent effort to get Adelson’s backing, as well as that of the Andrew Herenstein’s of the world, the neoconservative favorite in the Republican race, Senator Marco Rubio, has vowed to tear up the Iran deal on his first day in the White House if he’s elected. Thus the ideological war over how much the U.S. should support Israel is playing out in global terms; and our media are shying away from the story.